yetangitu/Peertube
1
0
Fork 0
mirror of https://github.com/Chocobozzz/PeerTube.git synced 2025-10-04 18:29:27 +02:00
Code Issues Releases Wiki Activity

Escape quotes for html attributes

Browse source
This commit is contained in:
Chocobozzz 2023-12-14 11:32:43 +01:00
parent 63c4a02ce0
commit edc695263f
No known key found for this signature in database
GPG key ID: 583A612D890159BE
3 changed files with 26 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

13
server/core/lib/html/shared/tags-html.ts
View file

@ -1,4 +1,4 @@
import { escapeHTML } from '@peertube/peertube-core-utils'
import { escapeAttribute, escapeHTML } from '@peertube/peertube-core-utils'
import { CONFIG } from '../../../initializers/config.js'
import { CUSTOM_HTML_TAG_COMMENTS, EMBED_SIZE, WEBSERVER } from '../../../initializers/constants.js'
import { MVideo, MVideoPlaylist } from '../../../types/models/index.js'
@ -61,7 +61,7 @@ export class TagsHtml {
static addDescriptionTag (htmlStringPage: string, escapedTruncatedDescription?: string) {
const content = escapedTruncatedDescription || escapeHTML(CONFIG.INSTANCE.SHORT_DESCRIPTION)
const descriptionTag = `<meta name="description" content="${content}" />`
const descriptionTag = `<meta name="description" content="${escapeAttribute(content)}" />`
return htmlStringPage.replace(CUSTOM_HTML_TAG_COMMENTS.DESCRIPTION, descriptionTag)
}
@ -93,7 +93,7 @@ export class TagsHtml {
const tagValue = openGraphMetaTags[tagName]
if (!tagValue) return
tagsStr += `<meta property="${tagName}" content="${tagValue}" />`
tagsStr += `<meta property="${tagName}" content="${escapeAttribute(tagValue)}" />`
})
// Standard
@ -101,7 +101,7 @@ export class TagsHtml {
const tagValue = standardMetaTags[tagName]
if (!tagValue) return
tagsStr += `<meta property="${tagName}" content="${tagValue}" />`
tagsStr += `<meta property="${tagName}" content="${escapeAttribute(tagValue)}" />`
})
// Twitter card
@ -109,12 +109,13 @@ export class TagsHtml {
const tagValue = twitterCardMetaTags[tagName]
if (!tagValue) return
tagsStr += `<meta property="${tagName}" content="${tagValue}" />`
tagsStr += `<meta property="${tagName}" content="${escapeAttribute(tagValue)}" />`
})
// OEmbed
for (const oembedLinkTag of oembedLinkTags) {
tagsStr += `<link rel="alternate" type="${oembedLinkTag.type}" href="${oembedLinkTag.href}" title="${oembedLinkTag.escapedTitle}" />`
// eslint-disable-next-line max-len
tagsStr += `<link rel="alternate" type="${oembedLinkTag.type}" href="${oembedLinkTag.href}" title="${escapeAttribute(oembedLinkTag.escapedTitle)}" />`
}
// Schema.org